A Gartner news release quotes Daryl Plummer, managing vice president and Gartner fellow, who says some cloud providers do not offer consumer protections while others "vary greatly in the protections they do offer." While offering some of the protections suggested by the council will carry a cost for cloud service providers, those costs will be mitigated since the protections should encourage more companies to increase their cloud adoption levels, Plummer says. They are:

The right to retain ownership, use and control one's own data. This issue is top of mind, following EMC's decision to shutter its cloud storage service called Atmos. While EMC apparently made it easy to move data from Atmos to EMC partners like AT&T and Hosted Partners, IT Business Edge blogger Art Cole notes it will no longer provide SLAs or other availability guarantees for data that remains in its cloud.

The mention of an SLA provides a nice segue into the second right, the right to service-level agreements that address liabilities, remediation and business outcomes. While a Computerworld article predicted that enterprise-caliber SLAs would be one of the top 10 cloud computing trends for 2001, that looks largely like wishful thinking midway through the year.

The third right is the right to notification and choice about changes that affect the service consumers' business processes. The council suggests cloud providers should provide advance notification of major upgrades or system changes, and give consumers some control over when they make the switch. I touched upon this topic in a post called Are Saas Updates Automatically a Good Thing? Automatic updates, which many software-as-a-service companies position as a selling point, aren't necessarily a good thing if updates cancel out desired features or companies don't get a chance to modify their business processes to take advantage of changes.

The next right, the right to understand the technical limitations or requirements of the service up front, carries some responsibility for cloud consumers. While service providers should fully explain their systems, technical requirements and limitations to cloud consumers, consumers should also keep providers in the loop about their own technical limitations. This obviously should help ensure consumers end up with a service that meets their needs.

IT Business Edge's Lora Bentley has written about risk management in the cloud, observing that it's important to know where cloud data resides for the purposes of determining which laws and regulations apply. The council agrees, saying cloud consumers have the right to understand the legal requirements of jurisdictions in which the provider operates.

With cloud security still a key concern for many companies, as a recent Ponemon Institute study shows, it's not surprising the right to know what security processes the provider follows is also on the council's list. The council says providers should also spell out their business continuity plans.

The final item on the list is a responsibility, the responsibility to understand and adhere to software license requirements. The council suggests service providers should not be held accountable if a consumer violates software license agreements. Consumers, not providers, should also control any audits by software vendors.

Yet perhaps the largest responsibility for consumers is to push providers to honor these rights. Says Plummer:

... The seven rights will not become a reality unless enterprises insist on them when they negotiate with service providers. We urge all enterprises to do what they can to establish these rights and responsibilities as the standard for cloud computing.

There is a nice white paper here on the benefits of cloud computing in terms of efficiency, flexibility and cost. It also explains how it works in the context of evolving technology trends and how, through emerging